OUR COMPANY

Privacy is a 360 degree issue; the best
advisors can tell you how it looks from all the angles your organization needs
to know about.

Who we are

HISTORYDigital Discretion Inc. was founded in 2003
by Stephanie Perrin, as a consulting firm providing advice in the application
of privacy law, the development of privacy policy, and in practical matters of
implementation. Working with a number of
associates, the company produced reports on matters ranging from identity theft
to RFID, performed risk assessments and training sessions, and drafted privacy
policies and developed privacy impact assessments and privacy audits. The company was dormant between 2005 and 2013
while she returned to the federal government to work in various capacities on
privacy policy, risk management, and ethics.
Digital Discretion is now active again, providing advice and guidance in
information law and policy.

TEAMOur team brings a depth of experience that we venture to say is
unrivalled in the field of information rights.
We have all worked in this field for over ten years, most of us over 25
years, and have been in key roles developing, implementing, interpreting, and
writing about information law and policy.
We bring a wealth of different perspectives to our field, having worked
at the political level, as public servants and legal counsel, as reporters, as
representatives of Civil Society, as academics, and within corporations in
various capacities.

What we do
for you

- Needs
assessment: If you do not understand
what you need to do to comply with privacy law and customer expectations, we
can help.- Personal information audits and data
mapping: A first step is to identify and
review existing practices and procedures for the management of personal information
across all or part of an organization.

- Privacy risk and impact assessments,
scanning: The Privacy Impact Assessment
(PIA) is now the standard tool for evaluating compliance with privacy laws and
policies in Canada, and is required in some jurisdictions. Digital Discretion can provide a detailed
review of personal information transactions, either holistically or on a
project basis, and provide appropriate qualitative impact assessment. Since privacy risk assessment must be done in
the context of security risk assessment, we work with security risk
professionals to review the links with security threat risk assessments. Given our expertise in broader risk
assessment, we can fit your privacy risk mitigations into your global risk
management planning.

- Compliance
with law: We can help you develop
policies and procedures, examine relevant privacy laws and policies in order to
identify areas of non-compliance and assess your risks. A full PIA provides
mitigation strategies, ideally incorporated within a user-friendly action plan,
that will put your organization in a situation of manageable risk. We can help you develop implementation
schedules that will get you there within budget.

- Communications with clients, oversight
bodies, and stakeholders: Often when
privacy issues arise, organizations are in a quandary as to how to
respond. We can help, we have experience
at all levels of the privacy communications:oManagement
of complaints and appeals;oStrategies
for special issues such as social media, authentication, data analytics, ethics
in information practices;oTraining
of staff, and preparation of information materials for clients;oStrategic crisis communications. Sometimes things just go wrong and your
organization gets caught in the collateral damage, other times people make
costly mistakes. We have lots of
experience in dealing with stakeholders in these situations, and can help you
through the crisis.

- Policy
and Analysis: You are busy running your
business, you may not be aware of what is happening in privacy issues. Because of the speed with which issues can
develop, you may want to be advised when something that could impact your
organization has occurred. We provide
monitoring and analysis of local and global developments and trends, and advice
for short and long-term policy positions on key issues for organizations.

What we
believe

We are committed to the belief that a
flourishing and just information society is vital to the future of our
democratic ideals. While there is no
question that data protection, transparency, and security are a complex tangle
of often contradictory and risky issues, with our assistance you can navigate
them successfully. Our goal is to manage
that complexity for our clients, without charging an arm and a leg for our
services. We want to help you identify
the best course of action, and make that course of action practical,
affordable, and straightforward. We
believe most organizations take pride in doing the right thing, and are
committed to facilitating that.

We take pride in our work and invite
our clients to debate the issues, don’t just take our advice. If at the end of an engagement with Digital
Discretion, you don’t understand why you are doing what you are doing, we have
failed.

There is a lot of talk these days about
how privacy is dead, you have no privacy, young people don’t believe in it, etc. This is nonsense. Everybody wants
respect. Everybody wants to control
their own destiny, not have it mapped out by someone else who purports to know
more about them than they do themselves.
Privacy is not an outmoded idea – in fact it is increasingly relevant as
users become more aware of the risks implicit in the collection, use and
disclosure of personal information.
Organizations who choose to respect rather than exploit personal
information will not only save themselves from sifting through petabytes of
data in order to retrieve and correct errors, but will attract sophisticated
and loyal clients and partners. Poor
personal information management practices are now a measurable and increasingly
visible liability.

What we are doing1. August 27-30 - Stephanie Perrin was in Washington D.C. with the ICANN Experts Working Group. Work continues on the new top-level domain
Directory Services (replacement of WHOIS) and the comment period on the EWB
interim report had been extended to September 9, next meeting is October 8-10
in Los Angeles.

What we
are readingOn Big Data:Oscar H. Gandy, Jr. Coming to Terms with Chance: Engaging Rational Discrimination and
Cumulative Disadvantage, Farnham, Surry: Ashgate Publishing (2009).There is a lot of talk these days about
“big data”, about how it fuels the information economy and is the underpinning
to modern risk management. Oscar Gandy,
who has more or less retired from a prolific scholarly career in communications
and sociology, culminating at the Annenberg School at the University of
Pennsylvania, has written a very interesting book on what needs to be done to
protect individuals at risk in this new environment. Read the book to find his solution, it is
well worth it, and if there is a better solution out there we would love to
hear what it is.

On the current
discussion regarding the future of the European Directive on Data Protection:http://amberhawk.typepad.com/